Project

General

Profile

Actions
Copy link

Bug #18596

open

rgw: object owner should not be able to download the obj without container permission in swift API

Added by wenjun jing over 7 years ago. Updated almost 7 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
rgw
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

1. user1 grant user2 the container write permission
2. user2 upload the object in user1's container with container write permission
3. user1 remove the user2's write permission on the container.
4. user2 can still download the uploaded object without container read permission

which is not consistent with the openstack swift.

Actions
Copy link
 #1

Updated by Greg Farnum almost 7 years ago

  • Project changed from Ceph to rgw
Actions
Copy link
 #2

Updated by Yehuda Sadeh almost 7 years ago

  • Subject changed from object owner should not be able to download the obj without container permission in swift API to rgw: object owner should not be able to download the obj without container permission in swift API

Not quite. There are a set of permissions that will do that, however, if these permissions are not set then users will be able to read objects. We don't want to have different permissions when user goes through either swift or s3.

Actions
Copy link

Also available in: Atom PDF